rzahraoui
New Member
November 10, 2015
Question

Issue on VPN


Hi,

 

I configured a new S2S VPN on my FortiGate with a remote Cisco ASA.

The issue is that I can't initiate the VPN from the FortiGate location. When I launch the connection from the ASA location, the VPN is up and ready, but I still can't get connectivity from the FortiGate location to the ASA one.

All seems OK on my FortiGate.

Routing of encrypted networks via the tunnel.

ACLs opened on both sides (outgoing and incoming)

 

I have this error on my fortigate (INVALID ID Information)

 

 


    emnoc
    New Member
    November 10, 2015

    I could not see your PNG file, but maybe nothing is wrong and the Cisco is set as an "initiator" only.

     

    e.g.

     

    crypto map asa2fgt 10 set connection-type originate-only

     

     

    rzahraoui (Author)
    New Member
    November 10, 2015

    Thanks Emnoc,

     

    This was caused by having multiple subnets on phase 2

    http://kb.fortinet.com/kb/documentLink.do?externalID=10440

     

    Thanks.

    HaTiMuX
    New Member
    February 13, 2019

    Sometimes you can have this error because you need to define a local ID on the Fortigate:

     

    2019-02-12 18:43:59.920894 ike 0:VPN_XXX:343423: received peer identifier FQDN 'x.x.x.x'

    2019-02-12 18:43:59.920957 ike 0:VPN_XXX:343423: PSK authentication succeeded

    2019-02-12 18:43:59.920979 ike 0:VPN_XXX:343423: authentication OK

    .

    .

    .

    2019-02-12 18:44:09.327511 ike 0:VPN_XXX:343423: notify msg received: INVALID-ID-INFORMATION

     

    config vpn ipsec phase1-interface

        edit "VPN_XXXX"

            set localid "x.x.x.x"

            set localid-type fqdn

        next

    end
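
For the multiple-subnet cause reported earlier in the thread, a check that compares the ASA crypto ACL against the FortiGate phase 2 selectors and lists the subnet pairs that have no counterpart on the other side. This is an added example, not code from any poster or vendor; the ACL name, tunnel names and addresses are constructed, and it assumes IKEv1-style exact selector matching and ACEs written as plain `network mask network mask`.

```python
import ipaddress
import re

# Constructed sample configs (not from the thread); names and addresses are placeholders.
ASA_CRYPTO_ACL = """\
access-list VPN-FGT extended permit ip 10.1.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list VPN-FGT extended permit ip 10.1.0.0 255.255.255.0 192.168.20.0 255.255.255.0
"""
FGT_PHASE2 = """\
config vpn ipsec phase2-interface
    edit "to-asa-1"
        set src-subnet 192.168.10.0 255.255.255.0
        set dst-subnet 10.1.0.0 255.255.255.0
    next
end
"""

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def asa_pairs(acl_text):
    """(local, remote) networks per ACE, from the ASA's point of view."""
    pat = re.compile(r"^access-list \S+ extended permit ip (\d[\d.]+) (\d[\d.]+) (\d[\d.]+) (\d[\d.]+)\s*$", re.M)
    return [(_net(a, b), _net(c, d)) for a, b, c, d in pat.findall(acl_text)]

def fgt_pairs(cfg_text):
    """(src, dst) networks per phase2-interface entry on the FortiGate."""
    pairs = []
    for entry in re.findall(r'edit "[^"]+"(.*?)^\s*next\s*$', cfg_text, re.S | re.M):
        src = re.search(r"set src-subnet (\S+) (\S+)", entry)
        dst = re.search(r"set dst-subnet (\S+) (\S+)", entry)
        if src and dst:
            pairs.append((_net(*src.groups()), _net(*dst.groups())))
    return pairs

def unmatched_selectors(acl_text, cfg_text):
    """Pairs missing on either side, assuming selectors must match exactly (assumption)."""
    asa = {(remote, local) for local, remote in asa_pairs(acl_text)}  # mirrored to FortiGate view
    fgt = set(fgt_pairs(cfg_text))
    return sorted(asa - fgt, key=str), sorted(fgt - asa, key=str)

if __name__ == "__main__":
    missing_on_fgt, missing_on_asa = unmatched_selectors(ASA_CRYPTO_ACL, FGT_PHASE2)
    for src, dst in missing_on_fgt:
        print(f"no FortiGate phase 2 for src {src} dst {dst}")
    for src, dst in missing_on_asa:
        print(f"no ASA ACE for FortiGate selector src {src} dst {dst}")
```

With the sample input, the second ACE (192.168.20.0/24) has no matching phase 2 entry, which is the kind of gap to close with one phase 2 entry per subnet pair.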